OSVDB ID: 78433

Title: Oracle JD Edwards EnterpriseOne Tools JDENET Crafted Packet Arbitrary User Password Remote Disclosure

Info

Disclosure

Jan 17, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jan 17, 2012

Description

Oracle JD Edwards EnterpriseOne Tools contains a flaw related to the Enterprise Infrastructure SEC (JDENET) sub-component that may allow a remote authenticated attacker to gain unauthorized access to certain user password information via a specially crafted packet.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Oracle Corporation	JD Edwards EnterpriseOne Tools	8.98
		8.98

References

Security Tracker: 1026532
CVE ID: 2011-2325 (see also: NVD)
Secunia Advisory ID: 47625
Bugtraq ID: 51486
Related OSVDB ID: 78431 78432 78434 78435 78436 78437 78438
Mail List Post: http://seclists.org/bugtraq/2012/Feb/143
Other Advisory URL: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2012-02
Vendor Specific Advisory URL: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html#AppendixJDE

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/78433

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Oracle Corporation

JD Edwards EnterpriseOne Tools

References

Credit